Configuration
Specify the certificate configuration and the client certificate name of the default administration user under the secure configuration property.
The adminUser has full permissions over the administration and security APIs, and can therefore add new administration users and assign user permissions (read/write) to different Storage Units through the Security API.
Generating Self-Signed Certificates
A utility script, bin/generate-ssl-certs, available for Windows (.bat) and Linux (.sh), generates the self-signed CA, server, and client certificates needed to load StageR in secure mode and to authenticate to StageR from client applications.
The command receives a destination folder, the client certificate name, and the certificate password.
Run the command from within the bin folder:
generate-ssl-certs.bat --generate ..\config\sslcerts TestUser 123456
NOTE: generate-ssl-certs.bat must be run from the bin directory. If you run it from another directory, it appears to work but does not write all the certificate files (it writes only the key files).
Connecting from a Java Application
Before generating the keystore, install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8.
- Download jce8_policy from here
- Extract and copy the files to $JAVA_HOME/jre/lib/security
To connect to StageR from a Java application, generate a keystore for the client certificate and a truststore for the CA certificate:
- Keystore:
keytool -v -importkeystore -srckeystore client.p12 -srcstoretype PKCS12 -destkeystore client.jks -deststoretype JKS
- Truststore:
keytool -import -file ca.crt -keystore truststore.jks
When starting the Java application, pass the following parameters:
-Djavax.net.ssl.keyStore=config/client.jks -Djavax.net.ssl.keyStorePassword=YOUR_PASSWORD -Djavax.net.ssl.trustStore=config/truststore.jks -Djavax.net.ssl.trustStorePassword=YOUR_PASSWORD
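The -D properties above configure the JVM-wide default TLS context and place the passwords on the command line. The following added example (not part of the StageR documentation) loads the same client.jks and truststore.jks into an SSLContext that is used for a single connection only. Assumptions: the URL is a placeholder, STAGER_STORE_PASSWORD is a hypothetical environment variable, and both stores and the private key share one password.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class StagerMutualTlsClient {
    // Load a JKS store produced by the keytool commands above.
    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password);
        }
        return store;
    }

    // Present the client certificate and trust only the CA held in the truststore.
    static SSLContext buildContext(String keyStorePath, String trustStorePath, char[] password) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadJks(keyStorePath, password), password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(trustStorePath, password));
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the password comes from a hypothetical environment variable, not a JVM argument.
        String secret = System.getenv("STAGER_STORE_PASSWORD");
        if (secret == null) {
            throw new IllegalStateException("STAGER_STORE_PASSWORD is not set");
        }
        SSLContext context = buildContext("config/client.jks", "config/truststore.jks", secret.toCharArray());
        // Placeholder URL: replace with the address of your StageR server.
        URL url = new URL("https://stager.example.com:8443/");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(context.getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode() + " using " + conn.getCipherSuite());
        conn.disconnect();
    }
}
```

Hostname verification stays enabled, so the host in the URL must match a name in the server certificate.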